Lab 20: Cryptography

CompTIA Security+ Lab Series Lab 20: Cryptography CompTIA Security+ Domain 6 - Cryptography Objective 6.1: Summarize General Cryptography Concepts Document Version: 2013-08-02 Organization: Moraine Valley Community College Author: Jesse Varsalone Copyright Center for Systems Security and Information Assurance (CSSIA), National Information Security, Geospatial Technologies Consortium (NISGTC) The original works of this document were funded by the National Science Foundation s (NSF) Advanced Technological Education (ATE) program Department of Undergraduate Education (DUE) Award No. 0702872 and 1002746; Center for Systems Security and Information Assurance (CSSIA) at Moraine Valley Community College (MVCC). This work has been adapted by The Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48. The National Information Security, Geospatial Technologies Consortium (NISGTC) is authorized to create derivatives of identified elements modified from the original works. These elements are licensed under the Creative Commons Attributions 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. The Network Development Group (NDG) is given a perpetual worldwide waiver to distribute per US Law this lab and future derivatives of these works.

Contents Introduction... 3 Objectives: Explain the security function and purpose of network devices and technologies... 3 Pod Topology... 4 Lab Settings... 5 1 Encryption with the Encrypted File System... 6 1.1 Using EFS... 6 1.2 Conclusion... 16 1.3 Discussion Questions... 16 2 Backing up Encrypted File System Keys... 17 2.1 Backing up the EFS Key... 17 2.2 Conclusion... 29 2.3 Discussion Questions... 29 3 Encrypted File System Key Recovery... 30 3.1 File Recovery by Installing the PFX File... 30 3.2 Conclusion... 35 3.3 Discussion Questions... 35 References... 36 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 2 of 36

Introduction This lab is part of a series of lab exercises designed through a grant initiative by the Center for Systems Security and Information Assurance (CSSIA) and the Network Development Group (NDG), funded by the National Science Foundation s (NSF) Advanced Technological Education (ATE) program Department of Undergraduate Education (DUE) Award No. 0702872 and 1002746. This work has been adapted by The Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48. This series of lab exercises is intended to support courseware for CompTIA Security+ certification. This lab includes the following tasks: 1 Encryption with the Encrypted File System 2 Backing up Encrypted File System Keys 3 Encrypted File System File Recovery Objectives: Explain the security function and purpose of network devices and technologies Companies need to protect their internal resources. This is often done by using encryption. Encryption is a way of scrambling data so it cannot be read by others. EFS The Encrypted File System is a feature that can be utilized on NTFS volumes on Microsoft Windows operating systems used to protect data from being accessed. NTFS New Technology File System, or NTFS. An NTFS Volume is required to use EFS. Recovery Agent A recovery agent can recover files that were encrypted using EFS Pfx file A Personal Information Exchange file. It can be exported in Windows. net user The command allows you to view, create, and delete users in Windows. 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 3 of 36

Pod Topology Figure 1: Topology 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 4 of 36

Lab Settings The information in the table below will be needed in order to complete the lab. The task sections below provide details on the use of this information. Required Virtual Machines and Applications Log in to the following virtual machine before starting the tasks in this lab: Windows 7 Internal Attack Machine 192.168.100.5 Windows 7 student password password Windows 7 Internal Attack Login: 1. Click on the Windows 7 Internal Attack icon on the topology. 2. Enter the username, student (verify the username with your instructor). 3. Type in the password, password and hit enter to log in (verify the password with your instructor). Figure 2: Windows 7 login 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 5 of 36

1 Encryption with the Encrypted File System The encrypted file system allows a Microsoft Windows operating system user to protect their data so it cannot be read by anyone else using the system. EFS has been available since Windows 2000 and is only supported on New Technology File System (NTFS) drives. The user who encrypts the file does not need to provide a password to access it. 1.1 Using EFS 1. On the Windows 7 Internal Attack Machine, open a command prompt by clicking on the shortcut on the desktop. Figure 3: Opening the Command Prompt 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 6 of 36

2. Type the following command to make a directory called private on the root of C: C:\mkdir private Figure 4: Making a Directory 3. Type the following command to list all files and folder on the root of C: C:\dir Figure 5: IP address of External BackTrack 4. Type the following command to enter the private directory on the root of C: C:\cd private Figure 6: Entering the Directory 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 7 of 36

5. Create a file called SSN.txt that says 123-45-6789 by typing the following: C:\private>echo 123-45-6789 > SSN.txt Figure 7: Creating SSN.txt 6. Type the following to view the files and folders in the private directory: C:\>dir Figure 8: Directory Listing 7. Type the following command to view the contents of the SSN.txt file: C:\ type SSN.txt Figure 9: Viewing the Contents of the file 8. Type the following command to leave the command line environment: C:\exit Figure 10: Exiting the Command Line 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 8 of 36

9. Click on the Start Button and select Computer from the start menu. Figure 11: Start Menu 10. Under Hard Disk Drives (1), double-click on Local Disk (C:). Figure 12: The C: Drive 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 9 of 36

11. Right-click on the Private Folder in the list and select Properties. Figure 12: Properties of the Folder 12. On the General tab, click the Advanced button. Figure 13: Advanced Tab 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 10 of 36

13. Check the box that states Encrypt contents to secure data. Click OK. Figure 14: Encrypt Contents 14. Click OK. Select Apply changes to this folder, subfolder and files. Click OK. Figure 15: Applying Changes to the Folder 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 11 of 36

15. View the private folder on the C: Drive; the color of the file changed to green. Figure 17: Encrypted Folder 16. Open a command prompt by clicking on the shortcut on the desktop. Figure 18: Opening the Command Prompt 17. Create a user on the Windows 7 system by typing the following command: C:\>net user jessejames cowboy /add Figure 16: Creating a User 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 12 of 36

18. Type the following command to add the user to the local administrators group: C:\>net localgroup administrators jessejames /add Figure 20: Adding the User to Administrators 19. Verify that the user has been added to the administrators group by typing: C:\>net localgroup administrators Figure 21: Viewing the administrators group 20. Click on the Start Button, click to the right of shutdown, and select Log off. Figure 22: Log Off 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 13 of 36

21. Click on the icon with the name jessejames at the Welcome page. Figure 17: Selecting the User 22. Type cowboy for the password for the jessejames account. Figure 18: Typing the Password 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 14 of 36

23. Click on the Start Button and select Computer from the start menu. Figure 19: Start Menu 24. Under Hard Disk Drives (1), double-click on Local Disk (C:). Figure 26: The C: Drive 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 15 of 36

25. Double-click on the Private Folder. Try to open SSN.txt. Access is denied. Figure 20: Access is Denied 1.2 Conclusion The Encrypted File System, or EFS, is a way for a user to protect personal data on a machine that may be shared by several users. In order to use EFS, the Windows operating system must have a New Technology File System (NTFS) partition. 1.3 Discussion Questions 1. What File System is required in order to use EFS? 2. What command allows you to add a user from the command line? 3. What command can be utilized to create a file from the command line? 4. What command allows you to create a directory from the command line? 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 16 of 36

2 Backing up Encrypted File System Keys A user can select or create keys, back up their EFS key, update their key, or configure the use of a smart card. A smart card is a physical device that the user would need to carry with them in order to authenticate. The use of smart cards is common within organizations where security is paramount, such as the United States Department of Defense. 2.1 Backing up the EFS Key 1. Click on the Start Button, click to the right of shutdown, and select Log off. Figure 21: Log Off 2. Click on the icon with the name student at the Welcome page. Figure 22: Log on as Student 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 17 of 36

3. Log on to Windows 7 Internal Attack Machine as student with the password of password. Figure 23: Logging on to the Windows 7 Machine 4. Click on the Start button and select Computer from the start menu. Figure 24: Start Menu 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 18 of 36

5. Under Hard Disk Drives (1), double-click on Local Disk (C:). Figure 25: The C: Drive 6. Double-click on the private folder located on the root of the C: Drive. Figure 26: The Private Folder 7. Verify that student can still access the SSN.txt Figure 27: Accessing the Encrypted File 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 19 of 36

8. Click on the Start button and select the Control Panel. Figure 28: Control Panel 9. Within the Control Panel, click on User Accounts and Family Safety. Figure 29: User Accounts and Family Safety 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 20 of 36

10. Click the User Accounts link under the User Accounts and Family Saftey. Figure 37: User Accounts Link 11. Click the Manage your file encryption certificates link on the left. Figure 30: Manage Certificates 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 21 of 36

12. Click Next at the Manage you file encyrption certificates screen: Figure 31: Managing File Certificates 13. Click Use this certificate and click Next. Figure 32: Use this Certificate 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 22 of 36

14. Click Browse next to Backup location. For the filename, type mykey, and click Save to save to the default location of Documents. Figure 33: Save the file 15. For the password and confirm password, type P@ssw0rd. Click Next. Figure 34: Setting the password 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 23 of 36

16. Expand All Logical Drives, Select Local Disk (C:), and click Next. Figure 35: Setting the password A Progress Screen will appear that indicates it is updating your encrypted files. Figure 36: Progress Screen 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 24 of 36

17. Click Close at the screen that states, Your Encrypted files have been updated. Figure 37: EFS has been updated If the user s password is changed, they will no longer be able to access their EFS files. 18. Open a command prompt by clicking on the shortcut on the desktop. Figure 38: Opening the Command Prompt 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 25 of 36

19. Change the password for the student user to 123 by typing the following command: C:\>net user student 123 Figure 39: Changing the password to 123 20. Click on the Start Button, click to the right of shutdown, and select Log off Figure 40: Log Off 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 26 of 36

21. Click on the icon with the name student at the Welcome Page Figure 41: Log on as Student 22. Log on to the Windows 7 Internal Attack Machine, as student with the password of 123. Figure 42: Logging on to the Windows 7 Machine 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 27 of 36

23. Click on the Start Button and select Computer from the Start Menu. Figure 43: Start Menu 24. Under Hard Disk Drives (1), double-click on Local Disk (C:). Figure 44: The C: Drive 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 28 of 36

25. Double-click on the private folder located on the root of the C: Drive. Figure 45: The Private Folder 26. Try to open SSN.txt. Access is denied. Figure 46: Access is Denied 2.2 Conclusion EFS keys can be backed up. It is important to back up the EFS key because if the user s password is changed, they will no longer be able to access their EFS files. It is very important to set a very strong password when you are generating the recover key. 2.3 Discussion Questions 1. Where does a user go to back up their Encrypted File System keys? 2. Will a user be able to access their EFS files after they change their password? 3. What is the command to change the user student s password to 123? 4. Why is it important to set a strong password when generating a recover key? 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 29 of 36

3 Encrypted File System Key Recovery If a user s password is changed, they cannot access their EFS files. However, if the certificate was backed up prior to changing the password, the file can be recovered. EFS files can be recovered by installing the Personal Information Exchange File (PFX) file. 3.1 File Recovery by Installing the PFX File 1. Click on the Start Button and select Documents from the start menu. Figure 47: Documents Link 2. Right-click on the mykey.pfx file and select Install PFX. Figure 48: Install PFX 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 30 of 36

3. Click Next at the Welcome to the Certificate Import Wizard Screen Figure 49: Certificate Import Wizard 4. Click Next at the File to Import Screen Figure 50: File to Import Screen 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 31 of 36

5. Type the password of P@ssw0rd for the Private key and click Next. Figure 51: Configuring the Firewall Rules 6. Click Next at the Certificate Import Wizard. Figure 52: Certificate Store 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 32 of 36

7. Click Finish the Completing the Certificate Import Wizard. Figure 53: Finishing the Import 8. Click OK to the message box that states, the import was successful. Figure 54: The Key was Imported 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 33 of 36

9. Click on the Start Button and select Computer from the start menu. Figure 63: Start Menu 10. Under Hard Disk Drives (1), double-click on Local Disk (C:). Figure 55: The C: Drive 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 34 of 36

11. Double-click on the private folder located on the root of the C: Drive. Figure 56: The Private Folder 12. Try to open SSN.txt. Access has been restored. Figure 57: The File Opens 3.2 Conclusion When you change your password, you can no longer access your EFS files. However, if you back up the recovery key before the password is changed, EFS files can be recovered. In order to recover the EFS files, you must install the saved PFX file. 3.3 Discussion Questions 1. What needs to be provided when installing a PFX key? 2. What is the default color of EFS files and folders? 3. How can you determine if the certificate was imported successfully? 4. Install the PFX file to recover EFS files and folders. What does PFX stand for? 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 35 of 36

References 1. Invalid Social Security Numbers: http://www.nesug.org/proceedings/nesug07/ap/ap19.pdf 2. Overview of EFS: http://technet.microsoft.com/en-us/library/cc700811.aspx 3. Net user command: http://ss64.com/nt/net_useradmin.html 4. Echo command: http://www.computerhope.com/echohlp.htm 5. PFX files: http://en.wikipedia.org/wiki/pkcs_%e2%99%af12 8/2/2013 Copyright 2013 CSSIA, NISGTC Page 36 of 36